The present invention relates to data processing methods and, more particularly, to a data processing method well suited to data processing in which data must be strictly managed to prevent leakage of secrets when data is copied and/or moved.
In data processing with a computer system, there are conventional techniques in which data is copied in advance to a separate storage area so that critical corporate data is not lost when an equipment failure or a disaster occurs. Such techniques are generically called “backup.” In addition, data is sometimes copied for other purposes, for example to deliver business data within a company.
It should be noted here that much corporate data is subject to organizational and/or geographical restrictions on the range within which it may be copied or migrated. Hereinafter, such a range shall be referred to as “a possible data arrangement range.” Examples of information whose possible data arrangement range is restricted include technical information whose export to specified countries is prohibited under export control law, intra-company classified information, and another company's classified information obtained under an agreement with that company.
Examples of techniques to restrict data copying include one in which authentication is performed whenever data is accessed, access is granted only to an authorized client, and accesses are restricted to a number of times specified in advance. Other techniques include one in which part of the data is encrypted, and access is restricted by distributing decryption keys only to users who are authorized to read the data (e.g. Japanese Patent Laid-open No. 09-006682 and Japanese Patent Laid-open No. 2001-103047).
As described above, much corporate data is subject to organizational and/or geographical restrictions on its possible data arrangement range. Consequently, when work that involves copying or migrating conventionally available data is conducted, it is necessary to consider whether the work infringes the restriction of the possible data arrangement range. Performing the work while paying attention to the possible data arrangement range requires considerable effort when the amount of data to be controlled is large, and the defined restriction of the possible data arrangement range may not be observed because of a wrong operation by the administrator. When this happens, laws, rules and agreements concerning data handling could be violated through the administrator's wrong operation while the data owner is not aware of the infringement. In addition, when data that has been placed outside the possible data arrangement range is fraudulently accessed, critical secret information may be leaked, incurring significant business losses.
Such problems cannot be solved with the techniques to restrict data copying offered by Japanese Patent Laid-open No. 09-006682 and Japanese Patent Laid-open No. 2001-103047, both of which are related art.
With the technique of Japanese Patent Laid-open No. 09-006682, which performs authentication and restricts the number of accesses when data is accessed, it is necessary to distribute authentication information to all users accessing the data, and therefore the data may be fraudulently accessed if the authentication information is leaked. Further, a restriction on the number of accesses cannot express a range-based restriction in which, for example, copying may be performed without limit within the range but must not be performed even once beyond it.
Likewise, with the technique of Japanese Patent Laid-open No. 2001-103047, which encrypts part of the data, there is a possibility that keys are leaked or that secret information leaks through analysis of the data. Besides that, significant effort is required to manage the keys (distribution, prevention of leakage, etc.) and to encrypt the data.
An object of the present invention is to provide a data processing method that prevents violation of rules or leakage of secret information caused by a wrong operation of an administrator, thus enabling data management that offers excellent security protection when copies of corporate business data and the like are made.